Opened 10 years ago

Closed 8 years ago

#1014 closed enhancement (fixed)

Configurable cipher type/list setting in SIP transport TLS (thanks Tal Fromm for the suggestion)

Reported by: nanang Owned by: bennylp
Priority: normal Milestone: release-1.14
Component: pjsip Version: 1.x-branch
Keywords: Cc:
Backport to 1.x milestone: Backported:

Description (last modified by nanang)

Configuring cipher-suites can be useful in controlling security level, e.g: omitting cipher-suites with anonymous communication is recommended to prevent man-in-the-middle attacks.

Currently, ciphers preference and the order is configurable in PJLIB level, but not in PJSIP TLS transport.

Attachments (2)

1014-key_uses_cipher_code.diff (22.9 KB) - added by nanang 9 years ago.
implementation with cipher code as key, also has cipher names table
1014-key_uses_cipher_index.diff (46.1 KB) - added by nanang 9 years ago.
implementation with cipher index as key

Download all attachments as: .zip

Change History (7)

comment:1 Changed 10 years ago by bennylp

  • Milestone changed from release-1.6 to release-1.7

comment:2 Changed 9 years ago by nanang

  • Description modified (diff)

Configuring cipher-suites can be useful in controlling security level, e.g: omitting cipher-suites with anonymous communication is recommended to prevent man-in-the-middle attacks.

Currently, ciphers preference and the order is configurable in PJLIB level, but not in PJSIP TLS transport.

Changed 9 years ago by nanang

implementation with cipher code as key, also has cipher names table

Changed 9 years ago by nanang

implementation with cipher index as key

comment:3 Changed 9 years ago by nanang

  • Description modified (diff)
  • Milestone changed from release-1.7 to Known-Issues-and-Ideas

comment:4 Changed 8 years ago by nanang

  • Milestone changed from Known-Issues-and-Ideas to release-1.14
  • Version changed from trunk to 1.x-branch

comment:5 Changed 8 years ago by nanang

  • Resolution set to fixed
  • Status changed from new to closed

(In [3942]) Close #1014:

  • Added configurable ciphers setting in SIP TLS transport and pjsua app.
  • Added API pj_ssl_cipher_is_supported().
Note: See TracTickets for help on using tickets.